Journal of Shandong University (Engineering Science), 2022, Vol. 57, Issue (5): 85-91. doi: 10.6040/j.issn.1671-9352.2.2021.011


Improved peripheral register category scheme for IoT firmware testing

WANG Li-na1,2, CHEN Si1,2, ZHANG Tong1,2, QIN Peng1,2, XU Lai1,2   

  1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, Hubei, China;
  2. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, Hubei, China
  • Published: 2022-06-21

Abstract: Rehosting offers a new way to test firmware by emulating the data interface between the microcontroller and its peripherals, but its effectiveness depends on how accurately it categorizes peripheral registers. By studying the details of firmware rehosting, problems in the register categorization can be identified, and a set of reasonable correction schemes that synthesize the test results of multiple firmware images can be adopted to improve the accuracy of peripheral register classification with very low overhead. In tests on 54 different firmware images under 4 types of microcontrollers, the solution improves the accuracy of register classification judgments in most cases and effectively improves the effect of firmware testing.

Key words: software analysis, microcontroller, rehost, IoT

CLC Number: TP309